Hi Emma, I am working on alerts with both metrics and logs.
I can give you an example.
Alert on Metric: Most common ones, CPU 80%, Memory 80%, etc.
Alert on Log: Let us assume that I have written automation to fetch some stock reports from multiple vendors. Here, there can be multiple errors while running automation:
1. The vendor is down.
2. Credentials for one of the vendors have expired.
3. Parsing issue of files fetched from vendors.
4. No reports given by one of the vendors.
So, depending upon the error I may need to have different alerts that will be triggered to different users.
Have a look: https://github.com/opendistro-for-elasticsearch/alerting
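The log-based routing described in the post above, sketched as an added example that is not part of the original post and is not code from the linked alerting project. The log format, vendor names, regex patterns and recipient names are all constructed assumptions.

```python
import re

# Hypothetical routing table: (category, pattern, recipients). All names are assumptions.
RULES = [
    ("vendor_down", re.compile(r"connection (refused|timed out)|HTTP 5\d\d", re.I), ["ops-oncall"]),
    ("credentials_expired", re.compile(r"HTTP 401|credentials? expired", re.I), ["vendor-account-owner"]),
    ("parse_error", re.compile(r"parse error|malformed", re.I), ["data-engineering"]),
    ("no_report", re.compile(r"no reports? (found|available)", re.I), ["business-analyst"]),
]
# Errors that match no rule still alert someone instead of being dropped.
FALLBACK = ("unclassified", ["automation-owner"])

# Assumed log line layout: <timestamp> <LEVEL> vendor=<name> <message>
LINE = re.compile(r"^(?P<ts>\S+) (?P<level>[A-Z]+) vendor=(?P<vendor>\S+) (?P<msg>.*)$")

# Constructed sample log covering the four error types from the post, plus one unknown.
SAMPLE_LOG = """\
2024-01-01T06:00:01Z INFO vendor=acme fetched report rows=120
2024-01-01T06:00:02Z ERROR vendor=globex connection timed out after 30s
2024-01-01T06:00:03Z ERROR vendor=initech HTTP 401 credentials expired
2024-01-01T06:00:04Z ERROR vendor=umbrella parse error: unexpected column 'px'
2024-01-01T06:00:05Z ERROR vendor=hooli no report found for 2024-01-01
2024-01-01T06:00:06Z ERROR vendor=globex connection timed out after 30s
2024-01-01T06:00:07Z ERROR vendor=acme disk quota exceeded
"""

def classify(msg):
    """Return (category, recipients) for an error message; first matching rule wins."""
    for category, pattern, recipients in RULES:
        if pattern.search(msg):
            return category, recipients
    return FALLBACK

def build_alerts(log_text):
    """Group ERROR lines into one alert per (category, vendor) so repeats do not re-notify."""
    alerts = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m["level"] != "ERROR":
            continue
        category, recipients = classify(m["msg"])
        alert = alerts.setdefault((category, m["vendor"]), {
            "category": category, "vendor": m["vendor"],
            "recipients": recipients, "first_seen": m["ts"], "count": 0,
        })
        alert["count"] += 1
    return list(alerts.values())

if __name__ == "__main__":
    for a in build_alerts(SAMPLE_LOG):
        print(f'{a["category"]:<20} {a["vendor"]:<9} x{a["count"]} -> {", ".join(a["recipients"])}')
```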